{"id":334,"date":"2026-03-20T11:57:44","date_gmt":"2026-03-20T11:57:44","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=334"},"modified":"2026-03-20T11:57:44","modified_gmt":"2026-03-20T11:57:44","slug":"google-adds-24-hour-wait-for-unverified-app-sideloading-to-reduce-malware-and-scams","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=334","title":{"rendered":"Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Mar 20, 2026<\/span><\/span><span class=\"p-tags\">Data Privacy \/ Mobile Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Google on Thursday <a href=\"https:\/\/android-developers.googleblog.com\/2026\/03\/android-developer-verification.html\" rel=\"noopener\" target=\"_blank\">announced<\/a> a new \u00abadvanced flow\u00bb for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety.<\/p>\n<p>The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to be installed on certified Android devices. 
The move, it added, was done to flag bad actors faster and prevent them from distributing malware.<\/p>\n<p>This also includes potential scenarios where cybercriminals trick unsuspecting users who sideload such apps into granting them elevated privileges that make it possible to turn off Play Protect, the anti-malware feature built into all Google-certified Android devices.<\/p>\n<p>However, the <a href=\"https:\/\/developer.android.com\/developer-verification\" rel=\"noopener\" target=\"_blank\">mandatory registration requirements<\/a> have been <a href=\"https:\/\/keepandroidopen.org\/open-letter\/\" rel=\"noopener\" target=\"_blank\">met with criticism<\/a> from over 50 app developers and marketplaces, including F-Droid, Brave, The Electronic Frontier Foundation, Proton, The Tor Project, and Vivaldi, who say they risk creating friction and barriers to entry, and raise privacy and surveillance concerns in the absence of clarity about what personal information developers must provide, how this data will be stored, secured, and used, and whether it could be subject to government requests or legal processes.<\/p>\n<p>As a way of quelling some of these thorny issues, Google has emphasized that the newly developed advanced flow allows power users to maintain the ability to sideload apps from unverified developers with a one-time process that requires them to follow the steps 
below &#8211;<\/p>\n<ul>\n<li>Enable developer mode in system settings.<\/li>\n<li>Confirm that they are taking this step of their own volition and are not being coached.<\/li>\n<li>Restart the phone and re-authenticate so as to prevent a scammer from monitoring what actions a user is taking.<\/li>\n<li>Wait for a 24-hour period and confirm that they are really making this change with biometric authentication or device PIN.<\/li>\n<li>Install apps from unverified developers once users understand the risks, either indefinitely or for a period of seven days.<\/li>\n<\/ul>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEibOvqcR7yA2YEzbIl3KKxzUg5siTAiiE45LTYtJuYpKsQM9EvREA4mWLD-m1xKiGKULJ8pIGc9qGJsZoHXCpHRERZXNBO0Qr_rcaG1YntV4GyiQU-Pf9JFa9LvgFIPeLaJqfqhiERlPI-M5ucNbapbIBDlQ8EPk7VCxpKD6hmbdFpeVPdPYqHEz9OLwIbW\/s1700-e365\/android.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEibOvqcR7yA2YEzbIl3KKxzUg5siTAiiE45LTYtJuYpKsQM9EvREA4mWLD-m1xKiGKULJ8pIGc9qGJsZoHXCpHRERZXNBO0Qr_rcaG1YntV4GyiQU-Pf9JFa9LvgFIPeLaJqfqhiERlPI-M5ucNbapbIBDlQ8EPk7VCxpKD6hmbdFpeVPdPYqHEz9OLwIbW\/s1700-e365\/android.png\" alt=\"\" border=\"0\" data-original-height=\"1080\" data-original-width=\"1920\"\/><\/a><\/div>\n<p>\u00abIn that 24-hour period, we think it becomes much harder for attackers to persist their attack,\u00bb Android Ecosystem President, Sameer Samat, was <a href=\"https:\/\/arstechnica.com\/gadgets\/2026\/03\/google-details-new-24-hour-process-to-sideload-unverified-android-apps\/\" rel=\"noopener\" target=\"_blank\">quoted as saying<\/a> to Ars Technica. 
\u00abIn that time, you can probably find out that your loved one isn\u2019t really being held in jail or that your bank account isn\u2019t really under attack.\u00bb<\/p>\n<p>Google also said it plans to offer free \u00ablimited distribution accounts\u00bb that let hobbyist developers and students share apps with up to 20 devices without having to \u00abprovide a government-issued ID or pay a registration fee.\u00bb<\/p>\n<p>It&#8217;s worth noting that the aforementioned process does not apply to installs via the Android Debug Bridge (ADB). Limited distribution accounts for students and hobbyists, as well as the advanced flow for users, will be available in August 2026, before the new developer verification requirements take effect the month after.<\/p>\n<p>\u00abWe know a &#8216;one size fits all&#8217; approach doesn&#8217;t work for our diverse ecosystem,\u00bb Google said. \u00abWe want to ensure that identity verification isn&#8217;t a barrier to entry, so we\u2019re providing different paths to fit your specific needs.\u00bb<\/p>\n<p>The development coincides with the emergence of a new Android malware called Perseus that&#8217;s actively targeting users in Turkey and Italy with an aim to conduct device takeover (DTO) and financial fraud.<\/p>\n<p>Over the past four months, at least 17 Android malware families have been detected in the wild. 
They include FvncBot, SeedSnatcher, ClayRat, Wonderland, Cellik, Frogblight, NexusRoute, ZeroDayRAT, Arsink (and its improved variant SURXRAT), deVixor, Phantom, Massiv, PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan | Mar 20, 2026 | Data Privacy \/ Mobile Security | Google on Thursday announced a new \u00abadvanced flow\u00bb for Android sideloading that requires a mandatory 24-hour wait period to install apps from&hellip;<\/p>\n","protected":false},"author":1,"featured_media":335,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[787,200,790,2,42,792,243,791,789,788],"class_list":["post-334","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-24hour","tag-adds","tag-app","tag-google","tag-malware","tag-reduce","tag-scams","tag-sideloading","tag-unverified","tag-wait"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=334"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/334\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/335"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}